Using Non-Transparent Connections

Note: This topic applies to the Edinburgh Release.

Non-transparent connections from users’ web browsers to Guardian are suitable when content is accessed using HTTPS or when using NTLM or proxy authentication or identification in terminal services compatibility mode.

Connecting to Guardian non-transparently entails configuring users’ web browsers to use Guardian as the web proxy using one of the following methods:

In the Automatic configuration area, check that Automatically detect settings and Use automatic configuration script are not selected.

4.

In the Proxy server area, select Use a proxy serverfor your LAN …

5.

Enter Guardian's IP address and port number 800 and select Bypass proxy server for local addresses.

6.

Click Advanced to access more settings. In the Exceptions area, enter Guardian’s IP address and any other IP addresses to content that you do not want filtered, for example, your intranet or local wiki.

A proxy auto-config (PAC) script is a file generated by Guardian. Once configured, any changes to connections are automatically retrieved by the user’s web browser. For information about working with PAC scripts, see Using PAC Scripts .

Note: The following instructions apply to Internet Explorer 7. For information about other browsers, see the documentation delivered with the browsers.

To configure a non-transparent connection using a PAC script:

1.

On the user’s computer, start Internet Explorer, and from the Tools menu, select Internet Options.

Note: This method is only for administrators familiar with configuring web and DNS servers. End-user browsers must support WPAD – the latest versions of Microsoft Internet Explorer support this method.

The WPAD method works by the web browser pre-pending the hostname wpad to the front of its fully qualified domain name and looking for a web server on port 80 that can supply a wpad.dat file. The file works in the same way as the automatic configuration script and tells the browser what web security policy it should use.

To use WPAD:

1.

Configure your network to use Guardian as the network web proxy. Consult your network documentation for more information about how to do this.

2.

Using a local DNS server or Guardian’s static DNS, add the host 'wpad.YOURDOMAINNAME' substituting your own domain name. The host must resolve to Guardian’s IP address.